A wired local area network is typically a broadcast network in which data transmitted from one node can be received by any other node. The nodes on the network share a channel, which poses a significant security risk to the network. An attacker can capture all data packets on the network simply by connecting to the network and listening.
No data security method has been proposed for the Local Area Network (LAN) defined in the existing national standard GB/T 15629.3 (corresponding to IEEE 802.3 or ISO/IEC 8802-3), which makes it easy for an attacker to steal key information. Internationally, the IEEE 802.1AE standard established by the IEEE proposes a data encryption protocol to secure Ethernet, and it adopts hop-by-hop encryption as the security measure for secure delivery of data between network nodes.
A switch device supporting GB/T 15629.3 forwards all data packets directly and is incapable of secure link-layer transmission, so the information in the transmitted data packets is susceptible to interception. A switch device supporting IEEE 802.1AE supports only hop-by-hop encryption and has to decrypt and then re-encrypt every encrypted data packet it forwards, which places a heavy burden on the switch device and causes a significant delay in the transmission of data on the network.